<?php

# Import the application settings.
require_once(dirname(__FILE__) . '/config.php');

# Import the database connection code.
require_once(APPLICATION_ROOT . '/db.php');

# Import the function code.
require_once(APPLICATION_ROOT . '/includes/functions.php');

# Read the two request parameters this page accepts. Each value is first run
# through FILTER_SANITIZE_STRING and then SQL-escaped, so from here on both
# variables hold text already encoded for a quoted SQL string literal, not the
# raw request value.
#
# NOTE(review): both helpers are legacy. mysql_escape_string() escapes without
# consulting the connection character set and was removed with ext/mysql in
# PHP 7.0; FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. Binding the
# values as query parameters at the point of use would replace this step.
#
# NOTE(review): userid comes straight from the query string. No session or
# ownership check is visible in this file, so confirm one exists elsewhere
# before this value is used to select whose purchases are displayed.

$txn_id = filter_input(INPUT_GET, 'txn_id', FILTER_SANITIZE_STRING);
$txn_id = mysql_escape_string($txn_id);

$userid = filter_input(INPUT_GET, 'userid', FILTER_SANITIZE_STRING);
$userid = mysql_escape_string($userid);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
	<head>
		<title><?php echo htmlentities(BSDDS_STORENAME); ?></title>
	</head>
	<body>
		<h1><?php echo htmlentities(BSDDS_STORENAME); ?></h1>
<?php
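# If a transaction ID was supplied, resolve it to the buyer's user ID. The
# result replaces whatever userid was passed in the request, including when
# no matching purchase is found (in which case $userid ends up NULL).
#
# NOTE(review): the transaction ID is the only thing checked on this path;
# whoever presents a valid txn_id is shown that buyer's purchases. Confirm
# that this is the intended access model.
if ($txn_id) {
	if (DEBUG) {
		$out_txn_id = htmlentities($txn_id);
		print <<<HTML
		<p>Transaction ID: $out_txn_id</p>
HTML;
	}

	# The query is assembled by string interpolation and is only safe because
	# $txn_id is expected to have been SQL-escaped earlier in this script.
	# NOTE(review): prefer a bound parameter if the $sql wrapper offers one.
	$query = $sql->query("SELECT buyer_id FROM " . BSDDS_PURCHASE_TABLE . " WHERE txn_id = '{$txn_id}' LIMIT 1");

	# A failed query or an unknown transaction leaves no row to read. Treat both
	# as "no buyer" instead of passing a non-resource to mysql_fetch_array(),
	# which would raise a warning that can expose file paths when errors are
	# displayed.
	$info = $query ? mysql_fetch_array($query) : FALSE;

	# NOTE(review): this value comes from the database and, unlike the userid
	# request parameter, has not been through mysql_escape_string(). Confirm
	# that listPurchases() does not place its argument into SQL unescaped.
	$userid = $info ? $info['buyer_id'] : NULL;

	if (DEBUG) {
		$out_userid = htmlentities($userid);
		print <<<HTML
		<p>User ID: $out_userid</p>
HTML;
	}
}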

# When a user ID is known (from the request, or resolved from a transaction
# ID), show the purchases recorded for that user.
#
# NOTE(review): nothing visible in this file ties $userid to the person making
# the request. Confirm that an authentication or ownership check is enforced
# elsewhere; otherwise any caller can view another user's purchase list by
# changing the parameter.
if ($userid) {
	echo "\t\t<h3>Your purchases</h3>";

	# listPurchases() is defined outside this file; any falsy return value is
	# taken to mean there is nothing to show for this user.
	if (!listPurchases($userid)) {
		echo "\t\t<p>You haven't bought anything!</p>";
	}
}
?>
		<p>&nbsp;</p>
		<h3>Everything available</h3>
<?php
# List all the items available to download.
require_once(APPLICATION_ROOT . '/listcatalog.php');
?>
	</body>
</html>